Local File Inclusion Vulnerability in FUXA by FrangoTeam
CVE-2023-31718
7.5HIGH
Key Information:
- Vendor
Frangoteam
- Status
- Vendor
- CVE Published:
- 22 September 2023
Badges
๐พ Exploit Exists๐ก Public PoC
What is CVE-2023-31718?
The FUXA application, developed by FrangoTeam, is vulnerable to Local File Inclusion (LFI) attacks through the /api/download endpoint. This vulnerability allows attackers to include local files on the server, which could lead to unauthorized access to sensitive information or execution of malicious scripts. It is crucial for users of FUXA versions up to 1.1.12 to apply updates and security patches to mitigate the risks associated with this vulnerability.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
